Thanks a lot, Sabine
From: Eric Rescorla [mailto:[email protected]] Sent: 25 April 2017 19:44 To: Randriamasy, Sabine (Nokia - FR/Nozay) <[email protected]> Cc: The IESG <[email protected]>; [email protected]; [email protected]; [email protected]; [email protected] Subject: Re: Eric Rescorla's Discuss on draft-ietf-alto-multi-cost-08: (with DISCUSS) Thanks. I have removed my discuss. -Ekr On Tue, Apr 25, 2017 at 10:36 AM, Randriamasy, Sabine (Nokia - FR/Nozay) <[email protected]<mailto:[email protected]>> wrote: Hello Eric, Thanks a lot for your feedback and suggested text on privacy or security issues. I have added it to section 7 "Privacy And Security Considerations" of the draft update that has just been posted and can be found at https://tools.ietf.org/html/draft-ietf-alto-multi-cost-09 . Best regards, Sabine >>-----Original Message----- >>From: Eric Rescorla [mailto:[email protected]<mailto:[email protected]>] >>Sent: 12 April 2017 01:02 >>To: The IESG <[email protected]<mailto:[email protected]>> >>Cc: >>[email protected]<mailto:[email protected]>; >> Jan Seedorf <[email protected]<mailto:[email protected]>>; alto- >>[email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]>; >>[email protected]<mailto:[email protected]> >>Subject: Eric Rescorla's Discuss on draft-ietf-alto-multi-cost-08: (with >>DISCUSS) >> >>Eric Rescorla has entered the following ballot position for >>draft-ietf-alto-multi-cost-08: Discuss >> >>When responding, please keep the subject line intact and reply to all email >>addresses included in the To and CC lines. (Feel free to cut this introductory >>paragraph, however.) >> >> >>Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >>for more information about IESG DISCUSS and COMMENT positions. >> >> >>The document, along with other ballot positions, can be found here: >>https://datatracker.ietf.org/doc/draft-ietf-alto-multi-cost/ >> >> >> >>---------------------------------------------------------------------- >>DISCUSS: >>---------------------------------------------------------------------- >> >>This document states: >>"This document does not introduce any privacy or security issues not >> already present in the ALTO protocol." >> >>This may be true, but it's not obvious it is, because when questions are asked >>together, that's more of a privacy signature than independently. >>So, suppose that application A asks for metric A and application B asks for >>metric B and application C asks for A and B. If these applications are mixed >>behind a CGN, with single queries then you don't know whether you have >>some A clients and some B clients, but if you do multi-query, it's clear these >>are C clients. This is a potentially serious issue if (for instance) >>Bittorrent >>always asks for a very distinguished set of parameters, so an ALTO server >>might use this to find Bittorrent clients. >> >> >>
_______________________________________________ alto mailing list [email protected] https://www.ietf.org/mailman/listinfo/alto
